How Safe is Ioncube Encoding?

rvZA

rvZA

Honorary Master
Joined
Jan 3, 2021
Messages
25,277
Reaction score
25,153
Just out of interest, how safe is Ioncube source encoding?

Can it easily be decoded?
 
Thor said:
PHP code is server-side, no need to obfuscate it
Click to expand...

I just like the additional security for specific reasons. My question still stands, how secure is Ioncube? Can it easily be decoded if a hacker somehow gains access to your site and is able to view the source code of your files?
 
rvZA said:
I just like the additional security for specific reasons. My question still stands, how secure is Ioncube? Can it easily be decoded if a hacker somehow gains access to your site and is able to view the source code of your files?
Click to expand...
It is not encryption, so yea it can be decoded, otherwise, your code won't work. It essentially compiles to byte code and then back, iirc.

Never really ever saw a use for this, like I said, PHP is sever side, absolutely no way for your source code to be exposed unless your server is vulnerable in which case your ioncube credentials will be leaked anyway.
 
Thor said:
It is not encryption, so yea it can be decoded, otherwise, your code won't work. It essentially compiles to byte code and then back, iirc.

Never really ever saw a use for this, like I said, PHP is sever side, absolutely no way for your source code to be exposed unless your server is vulnerable in which case your ioncube credentials will be leaked anyway.
Click to expand...

I have never used Ioncube myself, but some scripts I bought before did have part of their code encoded by Ioncube and therefore I had to install Ioncube on my dedicated server to run these scripts.

I now have a small piece of PHP Code I want to encode using Ioncube, since I have it installed. So, assume a hacker gains access to a site and can view all files in my root directory and their source code, how easy would it be for the hacker to decode that piece for Ioncube code?
 
I'm not a PHP "developer" but coming from the Java world, I can tell you code obfuscation is pointless. At least from my perspective. I do have a lot of Java experience so that could be a factor but I can pretty easily understand what's happening and "copy" the code if I wanted to.

In fact because it is obfuscated, it would make plausible deniability easier if I were to straight up copy it.
 
I sometimes think the reason people want to hide their source is to hide the fact it was copied from internet tutorials
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X